DevOps & Automation Tech/Team Leader at Cisco DRM Engineering
Roman Dembitsky – romande@gmail.com
Released: November 16, 2015
Docker Overview
DockerCon EU 2015
Agenda
• What is Docker?
• Docker Solutions
• Docker Security
What is Docker?
Docker
Docker allows you to package an application with all of its dependencies into a standardized unit for software development.
Docker Engine
How is this different from virtual machines?
Docker Solutions
• Docker Machine – Machine provisioning
• Docker Engine – Creates and runs Docker containers
• Docker Registry – Docker image distribution repository
• Docker Kitematic – Desktop GUI for Docker
• Docker Compose – Define multi-container applications
• Docker Swarm – Host clustering and container scheduling
• Docker Universal Control Plane – Management Platform
Docker Stack (diagram)
• Components: Docker Engine, Docker Container, Docker Compose, Docker Swarm, Docker Orca (UCP)
• Layer labels: Platform Layer, Application, Multi-container applications, Distributed Cluster Management, Platform Management
Docker Machine
• Create Hosts Anywhere
• Docker Machine can create hosts on most major virtualization hypervisors and in cloud service providers. Docker Machine has driver support for:
  • AWS, Digital Ocean, Google Cloud Platform, IBM Softlayer, Microsoft Azure and Hyper-V, OpenStack, Rackspace, VirtualBox, VMware Fusion®, vCloud® Air™ and vSphere®
• Install Docker Engine
• Configure Docker Registry
• Join nodes to Swarm
Docker Kitematic
• Kitematic – nice GUI for container management
• Video
Docker Registry
Docker Registry is an open source application dedicated to the storage and distribution of your Docker images. Its seamless architecture allows both for fine-grained integration with other systems and high-level scalability. Aggressively developed, its vibrant community includes industry leaders and users using it at the core of their image distribution solutions.
Docker Stages
Docker Stages
Docker File - Sample
Source
To Run:
docker run -d -p 27017:27017 -p 28017:28017 --name mongo -e AUTH=no tutum/mongodb
Docker Compose
Docker Compose - Example
Docker Compose
• Compose facilitates the orchestration of linked containers
• Compose allows a single script to be used for all the environments
• Developers can start/stop/rebuild containers without any deep knowledge of Docker
Docker Swarm
• Swarm – container distribution manager, clustering and scheduling
• Swarm 1.0 – ready for production
• Built-in multi-host networking
• Built-in persistent storage
• Attach any volume to any container dynamically
• Scalable
• Libkv (abstraction layer on top of etcd, zookeeper, consul kv stores)
Docker Swarm - Demo
Docker Security
Hardware Key for signing images
Docker Content Trust
• Docker image signing and verification
• Key compromise protection
• Content trust allows operations with a remote Docker registry to enforce client-side signing and verification of image tags. Content trust provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side verification of the integrity and publisher of specific image tags.
• https://blog.docker.com/2015/08/content-trust-docker-1-8/
Docker Security
• Hardware crypto + Docker content trust
• Hardware root key (USB security device) used for starting the key ladder
• Allows quickly changing/updating keys, so that images can no longer be pushed with the old keys (that were compromised)
• Sign Docker images before pushing them to repos
• Uses the root key inside the YubiKey to create new signing keys for signing the images
• To see existing keys: notary key list
Docker Security Analysis
• Project Nautilus
• Built-in container security analysis
• Will soon be available as a self-service
• Deep content analysis
• Checks against its own vulnerability db
Docker Networking
• New Docker Networking APIs
• Multi-Host networking
• Networks are scoped: Local / Global
• A container can participate in multiple networks
Docker Networking uses VXLAN
• VXLAN Layer 2 over Layer 4
• VXLAN is a network virtualization technology that attempts to ameliorate the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate MAC-based OSI layer 2 Ethernet frames within layer 4 UDP packets, using 4789 as the default IANA-assigned destination UDP port number.[1]
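The encapsulation described on the VXLAN slide, as an added example that is not part of the original slides: it wraps a constructed inner Ethernet frame in the 8-byte VXLAN header (layout per RFC 7348) and a UDP header with destination port 4789, then parses it back the way a capture-inspection script would. The function names, the sample MAC addresses, the VNI value and the source port are assumptions made for the illustration.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port named on the slide
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag from RFC 7348: the VNI field is valid


def build_vxlan_datagram(vni, inner_frame, src_port=49152):
    """Wrap an inner Ethernet frame in a VXLAN header and a UDP header."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    # VXLAN header: flags(8) + reserved(24), then VNI(24) + reserved(8)
    vxlan = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    payload = vxlan + inner_frame
    # UDP header: source port, destination port, length, checksum (0 = unused)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0)
    return udp + payload


def format_mac(raw):
    """Render six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_vxlan_datagram(datagram):
    """Return the VNI and inner Ethernet fields, or raise ValueError."""
    if len(datagram) < 8 + 8 + 14:
        raise ValueError("too short for UDP + VXLAN + Ethernet headers")
    _src, dst_port, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"destination port {dst_port} is not {VXLAN_UDP_PORT}")
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    word1, word2 = struct.unpack("!II", datagram[8:16])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    inner = datagram[16:]          # the original layer 2 frame starts here
    (ethertype,) = struct.unpack("!H", inner[12:14])
    return {
        "vni": word2 >> 8,
        "inner_dst_mac": format_mac(inner[0:6]),
        "inner_src_mac": format_mac(inner[6:12]),
        "inner_ethertype": ethertype,
        "inner_payload": inner[14:],
    }


if __name__ == "__main__":
    # Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
    frame = (bytes.fromhex("02420a000003") + bytes.fromhex("02420a000002")
             + b"\x08\x00" + b"constructed payload")
    datagram = build_vxlan_datagram(256, frame)
    for key, value in parse_vxlan_datagram(datagram).items():
        print(f"{key}: {value}")
```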
Docker Universal Control Plane
Containers as a service
Universal Control Plane
• Management Platform – deploy and manage dockerized apps in production
• Running containers on any infrastructure
• Infrastructure agnostic (on premises, cloud)
• Language agnostic
• Provisioning of compute, network, and storage on any infrastructure, with integration of enterprise security and monitoring
• Support for any:
  • application: stateful and stateless, legacy and next-generation, for any programming language
  • bare-metal server, VM or cloud instance
  • Linux distribution and Windows Server and Solaris
  • stage of the application lifecycle, from dev to test to QA to staging to production
• Enterprise ready (LDAP/AD authN) on-premises deployment integrated with Trusted Registry
• Security – TLS
• Resource Management (visibility and monitoring)
• HA
Linux Kernel IP Virtual Server
IP Virtual Server (IPVS)
• Forwarder Layer 4 OSI
• IPVS is incorporated into the Linux Virtual Server (LVS), where it runs on a host and acts as a load balancer in front of a cluster of real servers. IPVS can direct requests for TCP- and UDP-based services to the real servers, and make services of the real servers appear as virtual services on a single IP address. IPVS is built on top of Netfilter.[1]
IP Virtual Server - Modes
• IPIP mode: Returns packets directly to client (rather than via LB)
• DNAT
• DSR
GORB – REST Interface of IPVS
• http://github.com/kobolog/gorb
• BGP – load balance LBs
• Better than LB box
Jenkins CI with Docker and Compose at Oxford Press
Jenkins Flow
• Commit to GitHub ->
• Jenkins build with unit tests ->
• Build Docker image ->
• After all the desired components are stably built, run docker compose
• Push images to Docker registry
• Bind Docker socket – share dockers
• /var/run/docker.sock
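A review check for the two `docker run` patterns this deck shows, the MongoDB sample command and the Jenkins slide's bind of /var/run/docker.sock, written as an added example that is not code from the slides. The finding names and the Jenkins command line are constructed for the illustration, and the rule for `AUTH=no` assumes the tutum/mongodb image's documented behaviour of starting MongoDB without authentication.

```python
import ipaddress
import shlex

DOCKER_SOCKET = "/var/run/docker.sock"
PUBLISH = {"-p", "--publish"}
VOLUME = {"-v", "--volume"}
ENV = {"-e", "--env"}
VALUE_OPTS = PUBLISH | VOLUME | ENV


def _option_values(argv):
    """Yield (option, value) for the '-p X', '--publish X', '--publish=X' forms.

    Limitation: the whole argument list is scanned, so this assumes the
    container's own command does not reuse -p / -v / -e.
    """
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--") and "=" in arg:
            opt, val = arg.split("=", 1)
            yield opt, val
        elif arg in VALUE_OPTS and i + 1 < len(argv):
            yield arg, argv[i + 1]
            i += 1
        i += 1


def _publish_host_ip(spec):
    """Return the host IP of a publish spec, or '' when none is given."""
    spec = spec.split("/", 1)[0]            # drop a trailing /tcp or /udp
    if spec.startswith("["):                # bracketed IPv6 host address
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else ""


def audit_docker_run(command):
    """Return a list of (finding, value) tuples for one docker run command."""
    findings = []
    for opt, val in _option_values(shlex.split(command)):
        if opt in PUBLISH:
            ip = _publish_host_ip(val)
            # No host IP (or 0.0.0.0 / ::) binds the port on every interface.
            if not ip or ipaddress.ip_address(ip).is_unspecified:
                findings.append(("port-all-interfaces", val))
        elif opt in VOLUME:
            # The socket gives the container control of the host's daemon.
            if DOCKER_SOCKET in val.split(":"):
                findings.append(("docker-socket-mounted", val))
        elif opt in ENV:
            # Assumption: tutum/mongodb treats AUTH=no as "no authentication".
            if val.lower() == "auth=no":
                findings.append(("auth-disabled", val))
    return findings


# The command from the "Docker File - Sample" slide.
SLIDE_COMMAND = ("docker run -d -p 27017:27017 -p 28017:28017 "
                 "--name mongo -e AUTH=no tutum/mongodb")
# Constructed command for the Jenkins socket bind; image name is a placeholder.
JENKINS_COMMAND = ("docker run -d -p 127.0.0.1:8080:8080 "
                   "-v /var/run/docker.sock:/var/run/docker.sock jenkins")

if __name__ == "__main__":
    for cmd in (SLIDE_COMMAND, JENKINS_COMMAND):
        print(cmd)
        for finding, value in audit_docker_run(cmd):
            print(f"  {finding}: {value}")
```

Binding the published ports to 127.0.0.1 and dropping `AUTH=no` clears the findings for the MongoDB command; the socket finding stays for as long as the CI container needs to drive the host daemon.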

DockerCon EU 2015 Barcelona
